Talk:SSL Encryption

Add topic
Active discussions

The stated SSL cert fingerprints appear out of date

Notary Lookup for: anidb.net:443,2 Browser's Key = '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea' Results: Quorum duration: 0.1 days Notary Observations:

Notary: cmu.ron.lcs.mit.edu:8080 ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea' start: 1303548229 - Sat Apr 23 2011 end: 1303548232 - Sat Apr 23 2011

Notary: convoke.ron.lcs.mit.edu:8080 ssl key: '39:ba:e3:5b:90:a0:c4:ff:1b:c7:32:00:67:bc:ca:aa' start: 1270897465 - Sat Apr 10 2010 end: 1272922215 - Mon May 03 2010 ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea' start: 1272922216 - Mon May 03 2010 end: 1303542914 - Sat Apr 23 2011

Notary: mvn.ron.lcs.mit.edu:8080 ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea' start: 1303542022 - Sat Apr 23 2011 end: 1303542434 - Sat Apr 23 2011

Notary: hostway.ron.lcs.mit.edu:8080 ssl key: '39:ba:e3:5b:90:a0:c4:ff:1b:c7:32:00:67:bc:ca:aa' start: 1270897465 - Sat Apr 10 2010 end: 1272957971 - Tue May 04 2010 ssl key: '95:ee:24:b6:c6:5d:32:74:a1:50:48:bb:73:7a:93:ea' start: 1272957972 - Tue May 04 2010 end: 1303542973 - Sat Apr 23 2011


The entire article should be updated in light of the December, 2015 change to Let's Encrypt certificates, including a mention of issues with certain subdomains not using those certificates and use of HSTS header / browser recall of HTTPS for all anidb subdomains. Belove (talk) 11:47, 23 January 2016 (UTC)

Security?

"All requests for images, stylesheets and other page elements are NOT encrypted. Such requests should usually not be directed towards "anidb.net" but rather towards specific subdomains [and] do not include the AniDB authentication cookies and should thus not allow attackers to hijack your AniDB session."

You guys are aware there are ways to use css to trick various browsers into executing scripts, and hence running code that hijacks sessions and bypasses https... right? Dantman 02:23, 19 November 2012 (CET)

Return to "SSL Encryption" page.
MediaWiki spam blocked by CleanTalk.
MediaWiki spam blocked by CleanTalk.